@Slapp39 

What did the actual log in Alert/Event show? If those packets already dropped, I don't think it's a problem to setup extra ACL to deal with it.

  @YuukiA I deleted the one error I saw, but it was something like "Gateway rejected ping from XYZ"   It appeared to be one of the checks from the Settings --> Network Security -->Attack Defense --> Block Ping from WAN.    Which is great.  Also, since i have no "routes" configured the Gateway shouldn't pass anything on.   So to touch on the original question.  With 2 previous Gateway/Firewalls, I had to explicitly add in a rule that said to block traffic from WAN --> LAN.   But in this case I think I am covered.